--- /dev/null
+From c1a79ca202d711758202af431f63648305d84eb0 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Thu, 29 Jul 2021 20:03:25 +0900
+Subject: HID: apple: Fix logical maximum and usage maximum of Magic Keyboard
+ JIS
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+From: Mizuho Mori <morimolymoly@gmail.com>
+
+[ Upstream commit 67fd71ba16a37c663d139f5ba5296f344d80d072 ]
+
+Apple Magic Keyboard(JIS)'s Logical Maximum and Usage Maximum are wrong.
+
+Below is a report descriptor.
+
+0x05, 0x01, /* Usage Page (Desktop), */
+0x09, 0x06, /* Usage (Keyboard), */
+0xA1, 0x01, /* Collection (Application), */
+0x85, 0x01, /* Report ID (1), */
+0x05, 0x07, /* Usage Page (Keyboard), */
+0x15, 0x00, /* Logical Minimum (0), */
+0x25, 0x01, /* Logical Maximum (1), */
+0x19, 0xE0, /* Usage Minimum (KB Leftcontrol), */
+0x29, 0xE7, /* Usage Maximum (KB Right GUI), */
+0x75, 0x01, /* Report Size (1), */
+0x95, 0x08, /* Report Count (8), */
+0x81, 0x02, /* Input (Variable), */
+0x95, 0x05, /* Report Count (5), */
+0x75, 0x01, /* Report Size (1), */
+0x05, 0x08, /* Usage Page (LED), */
+0x19, 0x01, /* Usage Minimum (01h), */
+0x29, 0x05, /* Usage Maximum (05h), */
+0x91, 0x02, /* Output (Variable), */
+0x95, 0x01, /* Report Count (1), */
+0x75, 0x03, /* Report Size (3), */
+0x91, 0x03, /* Output (Constant, Variable), */
+0x95, 0x08, /* Report Count (8), */
+0x75, 0x01, /* Report Size (1), */
+0x15, 0x00, /* Logical Minimum (0), */
+0x25, 0x01, /* Logical Maximum (1), */
+
+here is a report descriptor which is parsed one in kernel.
+see sys/kernel/debug/hid/<dev>/rdesc
+
+05 01 09 06 a1 01 85 01 05 07
+15 00 25 01 19 e0 29 e7 75 01
+95 08 81 02 95 05 75 01 05 08
+19 01 29 05 91 02 95 01 75 03
+91 03 95 08 75 01 15 00 25 01
+06 00 ff 09 03 81 03 95 06 75
+08 15 00 25 [65] 05 07 19 00 29
+[65] 81 00 95 01 75 01 15 00 25
+01 05 0c 09 b8 81 02 95 01 75
+01 06 01 ff 09 03 81 02 95 01
+75 06 81 03 06 02 ff 09 55 85
+55 15 00 26 ff 00 75 08 95 40
+b1 a2 c0 06 00 ff 09 14 a1 01
+85 90 05 84 75 01 95 03 15 00
+25 01 09 61 05 85 09 44 09 46
+81 02 95 05 81 01 75 08 95 01
+15 00 26 ff 00 09 65 81 02 c0
+00
+
+Position 64(Logical Maximum) and 70(Usage Maximum) are 101.
+Both should be 0xE7 to support JIS specific keys(ろ, Eisu, Kana, |) support.
+position 117 is also 101 but not related(it is Usage 65h).
+
+There are no difference of product id between JIS and ANSI.
+They are same 0x0267.
+
+Signed-off-by: Mizuho Mori <morimolymoly@gmail.com>
+Signed-off-by: Jiri Kosina <jkosina@suse.cz>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/hid/hid-apple.c | 7 +++++++
+ 1 file changed, 7 insertions(+)
+
+diff --git a/drivers/hid/hid-apple.c b/drivers/hid/hid-apple.c
+index 959a9e38b4f5..149902619cbc 100644
+--- a/drivers/hid/hid-apple.c
++++ b/drivers/hid/hid-apple.c
+@@ -302,12 +302,19 @@ static int apple_event(struct hid_device *hdev, struct hid_field *field,
+
+ /*
+ * MacBook JIS keyboard has wrong logical maximum
++ * Magic Keyboard JIS has wrong logical maximum
+ */
+ static __u8 *apple_report_fixup(struct hid_device *hdev, __u8 *rdesc,
+ unsigned int *rsize)
+ {
+ struct apple_sc *asc = hid_get_drvdata(hdev);
+
++ if(*rsize >=71 && rdesc[70] == 0x65 && rdesc[64] == 0x65) {
++ hid_info(hdev,
++ "fixing up Magic Keyboard JIS report descriptor\n");
++ rdesc[64] = rdesc[70] = 0xe7;
++ }
++
+ if ((asc->quirks & APPLE_RDESC_JIS) && *rsize >= 60 &&
+ rdesc[53] == 0x65 && rdesc[59] == 0x65) {
+ hid_info(hdev,
+--
+2.33.0
+
--- /dev/null
+From 6c314d621d12f98ea0ca46ca3cad75a7221ac54c Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 27 Aug 2021 22:42:30 +0800
+Subject: mac80211: Drop frames from invalid MAC address in ad-hoc mode
+
+From: YueHaibing <yuehaibing@huawei.com>
+
+[ Upstream commit a6555f844549cd190eb060daef595f94d3de1582 ]
+
+WARNING: CPU: 1 PID: 9 at net/mac80211/sta_info.c:554
+sta_info_insert_rcu+0x121/0x12a0
+Modules linked in:
+CPU: 1 PID: 9 Comm: kworker/u8:1 Not tainted 5.14.0-rc7+ #253
+Workqueue: phy3 ieee80211_iface_work
+RIP: 0010:sta_info_insert_rcu+0x121/0x12a0
+...
+Call Trace:
+ ieee80211_ibss_finish_sta+0xbc/0x170
+ ieee80211_ibss_work+0x13f/0x7d0
+ ieee80211_iface_work+0x37a/0x500
+ process_one_work+0x357/0x850
+ worker_thread+0x41/0x4d0
+
+If an Ad-Hoc node receives packets with invalid source MAC address,
+it hits a WARN_ON in sta_info_insert_check(), this can spam the log.
+
+Signed-off-by: YueHaibing <yuehaibing@huawei.com>
+Link: https://lore.kernel.org/r/20210827144230.39944-1-yuehaibing@huawei.com
+Signed-off-by: Johannes Berg <johannes.berg@intel.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/mac80211/rx.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/net/mac80211/rx.c b/net/mac80211/rx.c
+index b40e71a5d795..3dc370ad23bf 100644
+--- a/net/mac80211/rx.c
++++ b/net/mac80211/rx.c
+@@ -3692,7 +3692,8 @@ static bool ieee80211_accept_frame(struct ieee80211_rx_data *rx)
+ if (!bssid)
+ return false;
+ if (ether_addr_equal(sdata->vif.addr, hdr->addr2) ||
+- ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2))
++ ether_addr_equal(sdata->u.ibss.bssid, hdr->addr2) ||
++ !is_valid_ether_addr(hdr->addr2))
+ return false;
+ if (ieee80211_is_beacon(hdr->frame_control))
+ return true;
+--
+2.33.0
+
--- /dev/null
+From 31fb6efeb3cd516524cf1f5154a24fa2a3312dd8 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sun, 12 Sep 2021 22:24:33 +0100
+Subject: netfilter: ip6_tables: zero-initialize fragment offset
+
+From: Jeremy Sowden <jeremy@azazel.net>
+
+[ Upstream commit 310e2d43c3ad429c1fba4b175806cf1f55ed73a6 ]
+
+ip6tables only sets the `IP6T_F_PROTO` flag on a rule if a protocol is
+specified (`-p tcp`, for example). However, if the flag is not set,
+`ip6_packet_match` doesn't call `ipv6_find_hdr` for the skb, in which
+case the fragment offset is left uninitialized and a garbage value is
+passed to each matcher.
+
+Signed-off-by: Jeremy Sowden <jeremy@azazel.net>
+Reviewed-by: Florian Westphal <fw@strlen.de>
+Signed-off-by: Pablo Neira Ayuso <pablo@netfilter.org>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ net/ipv6/netfilter/ip6_tables.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/net/ipv6/netfilter/ip6_tables.c b/net/ipv6/netfilter/ip6_tables.c
+index 579fda1bc45d..ce54e66b47a0 100644
+--- a/net/ipv6/netfilter/ip6_tables.c
++++ b/net/ipv6/netfilter/ip6_tables.c
+@@ -290,6 +290,7 @@ ip6t_do_table(struct sk_buff *skb,
+ * things we don't know, ie. tcp syn flag or ports). If the
+ * rule is also a fragment-specific rule, non-fragments won't
+ * match it. */
++ acpar.fragoff = 0;
+ acpar.hotdrop = false;
+ acpar.net = state->net;
+ acpar.in = state->in;
+--
+2.33.0
+
--- /dev/null
+From de9dc4077167fa8e0b1b846ee4139a1d4149d5f1 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Wed, 29 Sep 2021 17:04:21 +1000
+Subject: perf/x86: Reset destroy callback on event init failure
+
+From: Anand K Mistry <amistry@google.com>
+
+[ Upstream commit 02d029a41dc986e2d5a77ecca45803857b346829 ]
+
+perf_init_event tries multiple init callbacks and does not reset the
+event state between tries. When x86_pmu_event_init runs, it
+unconditionally sets the destroy callback to hw_perf_event_destroy. On
+the next init attempt after x86_pmu_event_init, in perf_try_init_event,
+if the pmu's capabilities includes PERF_PMU_CAP_NO_EXCLUDE, the destroy
+callback will be run. However, if the next init didn't set the destroy
+callback, hw_perf_event_destroy will be run (since the callback wasn't
+reset).
+
+Looking at other pmu init functions, the common pattern is to only set
+the destroy callback on a successful init. Resetting the callback on
+failure tries to replicate that pattern.
+
+This was discovered after commit f11dd0d80555 ("perf/x86/amd/ibs: Extend
+PERF_PMU_CAP_NO_EXCLUDE to IBS Op") when the second (and only second)
+run of the perf tool after a reboot results in 0 samples being
+generated. The extra run of hw_perf_event_destroy results in
+active_events having an extra decrement on each perf run. The second run
+has active_events == 0 and every subsequent run has active_events < 0.
+When active_events == 0, the NMI handler will early-out and not record
+any samples.
+
+Signed-off-by: Anand K Mistry <amistry@google.com>
+Signed-off-by: Peter Zijlstra (Intel) <peterz@infradead.org>
+Link: https://lkml.kernel.org/r/20210929170405.1.I078b98ee7727f9ae9d6df8262bad7e325e40faf0@changeid
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ arch/x86/events/core.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/arch/x86/events/core.c b/arch/x86/events/core.c
+index c26cca506f64..c20df6a3540c 100644
+--- a/arch/x86/events/core.c
++++ b/arch/x86/events/core.c
+@@ -2075,6 +2075,7 @@ static int x86_pmu_event_init(struct perf_event *event)
+ if (err) {
+ if (event->destroy)
+ event->destroy(event);
++ event->destroy = NULL;
+ }
+
+ if (ACCESS_ONCE(x86_pmu.attr_rdpmc))
+--
+2.33.0
+
--- /dev/null
+From 1f958b0fea54ca4a347a69b45e57f859f2c8fd12 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Fri, 24 Sep 2021 17:51:53 +0800
+Subject: scsi: ses: Fix unsigned comparison with less than zero
+
+From: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
+
+[ Upstream commit dd689ed5aa905daf4ba4c99319a52aad6ea0a796 ]
+
+Fix the following coccicheck warning:
+
+./drivers/scsi/ses.c:137:10-16: WARNING: Unsigned expression compared
+with zero: result > 0.
+
+Link: https://lore.kernel.org/r/1632477113-90378-1-git-send-email-jiapeng.chong@linux.alibaba.com
+Reported-by: Abaci Robot <abaci@linux.alibaba.com>
+Signed-off-by: Jiapeng Chong <jiapeng.chong@linux.alibaba.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/ses.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/drivers/scsi/ses.c b/drivers/scsi/ses.c
+index 69046d342bc5..39396548f9b5 100644
+--- a/drivers/scsi/ses.c
++++ b/drivers/scsi/ses.c
+@@ -120,7 +120,7 @@ static int ses_recv_diag(struct scsi_device *sdev, int page_code,
+ static int ses_send_diag(struct scsi_device *sdev, int page_code,
+ void *buf, int bufflen)
+ {
+- u32 result;
++ int result;
+
+ unsigned char cmd[] = {
+ SEND_DIAGNOSTIC,
+--
+2.33.0
+
--- /dev/null
+From 12ccbc0ecec33f62b60edfa71a7e4618c02aebf5 Mon Sep 17 00:00:00 2001
+From: Sasha Levin <sashal@kernel.org>
+Date: Sat, 25 Sep 2021 00:03:30 +0100
+Subject: scsi: virtio_scsi: Fix spelling mistake "Unsupport" -> "Unsupported"
+
+From: Colin Ian King <colin.king@canonical.com>
+
+[ Upstream commit cced4c0ec7c06f5230a2958907a409c849762293 ]
+
+There are a couple of spelling mistakes in pr_info and pr_err messages.
+Fix them.
+
+Link: https://lore.kernel.org/r/20210924230330.143785-1-colin.king@canonical.com
+Signed-off-by: Colin Ian King <colin.king@canonical.com>
+Signed-off-by: Martin K. Petersen <martin.petersen@oracle.com>
+Signed-off-by: Sasha Levin <sashal@kernel.org>
+---
+ drivers/scsi/virtio_scsi.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/drivers/scsi/virtio_scsi.c b/drivers/scsi/virtio_scsi.c
+index 7ba0031d3a73..d5575869a25c 100644
+--- a/drivers/scsi/virtio_scsi.c
++++ b/drivers/scsi/virtio_scsi.c
+@@ -343,7 +343,7 @@ static void virtscsi_handle_transport_reset(struct virtio_scsi *vscsi,
+ }
+ break;
+ default:
+- pr_info("Unsupport virtio scsi event reason %x\n", event->reason);
++ pr_info("Unsupported virtio scsi event reason %x\n", event->reason);
+ }
+ }
+
+@@ -396,7 +396,7 @@ static void virtscsi_handle_event(struct work_struct *work)
+ virtscsi_handle_param_change(vscsi, event);
+ break;
+ default:
+- pr_err("Unsupport virtio scsi event %x\n", event->event);
++ pr_err("Unsupported virtio scsi event %x\n", event->event);
+ }
+ virtscsi_kick_event(vscsi, event_node);
+ }
+--
+2.33.0
+
rtnetlink-fix-if_nlmsg_stats_size-under-estimation.patch
i40e-fix-endless-loop-under-rtnl.patch
gup-document-and-work-around-cow-can-break-either-way-issue.patch
+hid-apple-fix-logical-maximum-and-usage-maximum-of-m.patch
+netfilter-ip6_tables-zero-initialize-fragment-offset.patch
+mac80211-drop-frames-from-invalid-mac-address-in-ad-.patch
+scsi-ses-fix-unsigned-comparison-with-less-than-zero.patch
+scsi-virtio_scsi-fix-spelling-mistake-unsupport-unsu.patch
+perf-x86-reset-destroy-callback-on-event-init-failur.patch
projects / thirdparty / kernel / stable-queue.git / commitdiff
